IT security is essential for all businesses, but many administrators still fall for old myths and false promises. In a recent interview with security expert Frank Ully, he explains what administrators need to watch out for and ignore. Ully is the Head of Research at Oneconsult Deutschland AG in Munich, specializing in offensive IT security.
Although installing updates, activating security software, and enforcing policies are necessary measures, they are not enough to stop attackers. Insecure default settings and misconfigurations pose a greater danger as attackers find it easier to gain access in such environments. Protective measures should be implemented consistently to ensure maximum security.
Many decision-makers assume that investing in expensive security tools guarantees absolute protection. Ully advises against creating a zoo of expensive tools that no one can oversee. Instead, targeted use of less software and investing more in the training of existing employees and additional colleagues makes more sense.
Small businesses are more susceptible to phishing and attacks on unsecured systems accessible from the Internet. SMEs fall victim to such attacks because they have fewer staff and little budget for expensive security solutions.
Ully’s advice can be found in the cover articles on heise+ and in the new iX 6/2023. In the “Three Questions and Answers” series, iX aims to address today’s IT challenges from the perspectives of users, managers, and administrators.
Businesses must recognize the importance of IT security and take the necessary steps to protect themselves from potential attacks.